Wei Wei,Yabo Dong,Dongming Lu,Guang Jin

DOI: https://doi.org/10.1007/11758549_8

2006-01-01

Abstract:In legitimate traffic the correlation exists between the outgoing traffic and incoming traffic of a server network because of the request-reply actions in most protocols. When DDoS attacks occur, the attackers send packets with faked source addresses. As a result, the outgoing traffic to the faked addresses does not induce any related incoming traffic. Our main idea is to find changes in the correlation caused by DDoS. We sample network traffics using Extended First Connection Density (EFCD), and express correlation by cross-correlation function. Because network traffic in DDoS-initiating stage is much similar to legitimate traffic, we use fuzzy classification in order to guarantee the accuracy. Experiments show that DDoS traffic can be identified accurately by our algorithm.

Evans Owusu,Mohamed Rahouti,D. Frank Hsu,Kaiqi Xiong,Yufeng Xin

2023-10-02

Abstract:Mitigating Denial-of-Service (DoS) attacks is vital for online service security and availability. While machine learning (ML) models are used for DoS attack detection, new strategies are needed to enhance their performance. We suggest an innovative method, combinatorial fusion, which combines multiple ML models using advanced algorithms. This includes score and rank combinations, weighted techniques, and diversity strength of scoring systems. Through rigorous evaluations, we demonstrate the effectiveness of this fusion approach, considering metrics like precision, recall, and F1-score. We address the challenge of low-profiled attack classification by fusing models to create a comprehensive solution. Our findings emphasize the potential of this approach to improve DoS attack detection and contribute to stronger defense mechanisms.

Cryptography and Security,Artificial Intelligence

Firas Mohammed Aswad,Ali Mohammed Saleh Ahmed,Nafea Ali Majeed Alhammadi,Bashar Ahmad Khalaf,Salama A. Mostafa

DOI: https://doi.org/10.1515/jisys-2022-0155

2023-01-01

Journal of Intelligent Systems

Abstract:Abstract With the rapid growth of informatics systems’ technology in this modern age, the Internet of Things (IoT) has become more valuable and vital to everyday life in many ways. IoT applications are now more popular than they used to be due to the availability of many gadgets that work as IoT enablers, including smartwatches, smartphones, security cameras, and smart sensors. However, the insecure nature of IoT devices has led to several difficulties, one of which is distributed denial-of-service (DDoS) attacks. IoT systems have several security limitations due to their disreputability characteristics, like dynamic communication between IoT devices. The dynamic communications resulted from the limited resources of these devices, such as their data storage and processing units. Recently, many attempts have been made to develop intelligent models to protect IoT networks against DDoS attacks. The main ongoing research issue is developing a model capable of protecting the network from DDoS attacks that is sensitive to various classes of DDoS and can recognize legitimate traffic to avoid false alarms. Subsequently, this study proposes combining three deep learning algorithms, namely recurrent neural network (RNN), long short-term memory (LSTM)-RNN, and convolutional neural network (CNN), to build a bidirectional CNN-BiLSTM DDoS detection model. The RNN, CNN, LSTM, and CNN-BiLSTM are implemented and tested to determine the most effective model against DDoS attacks that can accurately detect and distinguish DDoS from legitimate traffic. The intrusion detection evaluation dataset (CICIDS2017) is used to provide more realistic detection. The CICIDS2017 dataset includes benign and up-to-date examples of typical attacks, closely matching real-world data of Packet Capture. The four models are tested and assessed using Confusion Metrix against four commonly used criteria: accuracy, precision, recall, and F -measure. The performance of the models is quite effective as they obtain an accuracy rate of around 99.00%, except for the CNN model, which achieves an accuracy of 98.82%. The CNN-BiLSTM achieves the best accuracy of 99.76% and precision of 98.90%.

Huifen Feng,Weiting Zhang,Ying Liu,Chuan Zhang,Chenhao Ying,Jian Jin,Zhenzhen Jiao

DOI: https://doi.org/10.1016/j.comnet.2024.110251

IF: 5.493

2024-04-01

Computer Networks

Abstract:In this paper, we investigate the problem of multiple network domains being threatened by Distributed Denial-of-Service (DDoS) attacks, in which a DDoS attack detection scheme is constructed based on the Software Defined Networks (SDN) hierarchical distributed control plane architecture. Specifically, we propose a two-level detection framework for collaborative DDoS attack detection in multi-domain scenarios. To detect the signs of DDoS attacks as early as possible on the attack path, a first-level coarse-grained anomaly detection method based on the Rényi entropy algorithm is proposed. The purpose is to calculate the feature entropy of normal and abnormal traffic in a simple statistical way within the local network domain, achieving rapid perception of network anomalies. Then, the root server aggregates all abnormal traffic data uploaded by each local network domain, and the DCNN-LSTM algorithm based on a hybrid deep learning model as the second-level detection method extracts the features of the suspicious traffic from both temporal and spatial dimensions to achieve fine-grained DDoS attack classification. Finally, theoretical analysis and experimental results indicate that the proposed two-level detection method in multi-domain scenarios is effective and feasible, while with high detection accuracy.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Ali Alfatemi,Mohamed Rahouti,Ruhul Amin,Sarah ALJamal,Kaiqi Xiong,Yufeng Xin

2024-01-06

Abstract:Distributed Denial of Service (DDoS) attacks pose a significant threat to the stability and reliability of online systems. Effective and early detection of such attacks is pivotal for safeguarding the integrity of networks. In this work, we introduce an enhanced approach for DDoS attack detection by leveraging the capabilities of Deep Residual Neural Networks (ResNets) coupled with synthetic oversampling techniques. Because of the inherent class imbalance in many cyber-security datasets, conventional methods often struggle with false negatives, misclassifying subtle DDoS patterns as benign. By applying the Synthetic Minority Over-sampling Technique (SMOTE) to the CICIDS dataset, we balance the representation of benign and malicious data points, enabling the model to better discern intricate patterns indicative of an attack. Our deep residual network, tailored for this specific task, further refines the detection process. Experimental results on a real-world dataset demonstrate that our approach achieves an accuracy of 99.98%, significantly outperforming traditional methods. This work underscores the potential of combining advanced data augmentation techniques with deep learning models to bolster cyber-security defenses.

Cryptography and Security,Machine Learning

Azar Abid Salih,Maiwan Bahjat Abdulrazaq

DOI: https://doi.org/10.32604/cmc.2023.046101

2024-01-01

Abstract:Cyberspace is extremely dynamic, with new attacks arising daily. Protecting cybersecurity controls is vital for network security. Deep Learning (DL) models find widespread use across various fields, with cybersecurity being one of the most crucial due to their rapid cyberattack detection capabilities on networks and hosts. The capabilities of DL in feature learning and analyzing extensive data volumes lead to the recognition of network traffic patterns. This study presents novel lightweight DL models, known as Cybernet models, for the detection and recognition of various cyber Distributed Denial of Service (DDoS) attacks. These models were constructed to have a reasonable number of learnable parameters, i.e., less than 225,000, hence the name “lightweight.” This not only helps reduce the number of computations required but also results in faster training and inference times. Additionally, these models were designed to extract features in parallel from 1D Convolutional Neural Networks (CNN) and Long Short-Term Memory (LSTM), which makes them unique compared to earlier existing architectures and results in better performance measures. To validate their robustness and effectiveness, they were tested on the CIC-DDoS2019 dataset, which is an imbalanced and large dataset that contains different types of DDoS attacks. Experimental results revealed that both models yielded promising results, with 99.99% for the detection model and 99.76% for the recognition model in terms of accuracy, precision, recall, and F1 score. Furthermore, they outperformed the existing state-of-the-art models proposed for the same task. Thus, the proposed models can be used in cyber security research domains to successfully identify different types of attacks with a high detection and recognition rate.

computer science, information systems,materials science, multidisciplinary

Daniyal Alghazzawi,Omaimah Bamasag,Hayat Ullah,Muhammad Zubair Asghar

DOI: https://doi.org/10.3390/app112411634

2021-12-08

Applied Sciences

Abstract:DDoS (Distributed Denial of Service) attacks have now become a serious risk to the integrity and confidentiality of computer networks and systems, which are essential assets in today’s world. Detecting DDoS attacks is a difficult task that must be accomplished before any mitigation strategies can be used. The identification of DDoS attacks has already been successfully implemented using machine learning/deep learning (ML/DL). However, due to an inherent limitation of ML/DL frameworks—so-called optimal feature selection—complete accomplishment is likewise out of reach. This is a case in which a machine learning/deep learning-based system does not produce promising results for identifying DDoS attacks. At the moment, existing research on forecasting DDoS attacks has yielded a variety of unexpected predictions utilising machine learning (ML) classifiers and conventional approaches for feature encoding. These previous efforts also made use of deep neural networks to extract features without having to maintain the track of the sequence information. The current work suggests predicting DDoS attacks using a hybrid deep learning (DL) model, namely a CNN with BiLSTM (bidirectional long/short-term memory), in order to effectively anticipate DDoS attacks using benchmark data. By ranking and choosing features that scored the highest in the provided data set, only the most pertinent features were picked. Experiment findings demonstrate that the proposed CNN-BI-LSTM attained an accuracy of up to 94.52 percent using the data set CIC-DDoS2019 during training, testing, and validation.

Yawar Abbas Abid,Jinsong Wu,Guangquan Xu,Shihui Fu,Muhammad Waqas

DOI: https://doi.org/10.1109/jiot.2024.3376578

IF: 10.6

2024-01-01

IEEE Internet of Things Journal

Abstract:With the increasing rates of interconnected Internet of Things (IoT) devices within Software-Defined Networking (SDN) environments, distributed denial of service (DDoS) attacks have become increasingly common. As a result of this challenge, novel detection and classification methods must be developed based on the unique characteristics of SDN-supported IoT networks. This paper proposes a novel approach to detecting and categorizing DDoS attacks that has been optimized specifically for such environments. As part of our methodology, we integrate convolutional neural networks (CNN) and long-short-term memory (LSTM) models into a multilevel deep neural network architecture. With this hybrid architecture, complex spatial and temporal patterns can be automatically extracted from raw network traffic data to facilitate comprehensive analysis and accurate identification of DDoS attacks. We validate the efficacy and superiority of our proposed approach over traditional machine learning algorithms by conducting rigorous experiments on real-world datasets. Our findings underscore the potential of the multi-level deep neural network approach as a robust and scalable solution for mitigating DDoS attacks in SDN-supported IoT networks. By improving network security and resilience to evolving threats, our methodology contributes to safeguarding critical infrastructures in the era of interconnected IoT ecosystems.

computer science, information systems,telecommunications,engineering, electrical & electronic

Mahrukh Ramzan,Muhammad Shoaib,Ayesha Altaf,Shazia Arshad,Faiza Iqbal,Ángel Kuc Castilla,Imran Ashraf

DOI: https://doi.org/10.3390/s23208642

2023-10-23

Abstract:Internet security is a major concern these days due to the increasing demand for information technology (IT)-based platforms and cloud computing. With its expansion, the Internet has been facing various types of attacks. Viruses, denial of service (DoS) attacks, distributed DoS (DDoS) attacks, code injection attacks, and spoofing are the most common types of attacks in the modern era. Due to the expansion of IT, the volume and severity of network attacks have been increasing lately. DoS and DDoS are the most frequently reported network traffic attacks. Traditional solutions such as intrusion detection systems and firewalls cannot detect complex DDoS and DoS attacks. With the integration of artificial intelligence-based machine learning and deep learning methods, several novel approaches have been presented for DoS and DDoS detection. In particular, deep learning models have played a crucial role in detecting DDoS attacks due to their exceptional performance. This study adopts deep learning models including recurrent neural network (RNN), long short-term memory (LSTM), and gradient recurrent unit (GRU) to detect DDoS attacks on the most recent dataset, CICDDoS2019, and a comparative analysis is conducted with the CICIDS2017 dataset. The comparative analysis contributes to the development of a competent and accurate method for detecting DDoS attacks with reduced execution time and complexity. The experimental results demonstrate that models perform equally well on the CICDDoS2019 dataset with an accuracy score of 0.99, but there is a difference in execution time, with GRU showing less execution time than those of RNN and LSTM.

Kanthimathi S,Shravan Venkatraman,Jayasankar K S,Pranay Jiljith T,Jashwanth R

DOI: https://doi.org/10.1109/ACCESS.2024.3478764

2024-10-12

Abstract:Distributed Denial of Service (DDoS) attacks are a major concern in network security, as they overwhelm systems with excessive traffic, compromise sensitive data, and disrupt network services. Accurately detecting these attacks is crucial to protecting network infrastructure. Traditional approaches, such as single Convolutional Neural Networks (CNNs) or conventional Machine Learning (ML) algorithms like Decision Trees (DTs) and Support Vector Machines (SVMs), struggle to extract the diverse features needed for precise classification, resulting in suboptimal performance. This research addresses this gap by introducing a novel approach for DDoS attack detection. The proposed method combines three distinct CNN architectures: SA-Enabled CNN with XGBoost, SA-Enabled CNN with LSTM, and SA-Enabled CNN with Random Forest. Each model extracts features at multiple scales, while self-attention mechanisms enhance feature integration and relevance. The weighted ensemble approach ensures that both prominent and subtle features contribute to the final classification, improving adaptability to evolving attack patterns and novel threats. The proposed method achieves a precision of 98.71%, an F1-score of 98.66%, a recall of 98.63%, and an accuracy of 98.69%, outperforming traditional methods and setting a new benchmark in DDoS attack detection. This innovative approach addresses critical limitations in current models and advances the state of the art in network security.

Cryptography and Security,Artificial Intelligence,Machine Learning

Ashfaq Ahmad Najar,Manohar Naik Sugali,Faisal Rasheed Lone,Azra Nazir

DOI: https://doi.org/10.1002/cpe.8157

2024-06-04

Concurrency and Computation Practice and Experience

Abstract:Summary Among the recent network security issues, Distributed Denial of Service (DDoS) attack is one of the most dangerous threats in today's cyberspace that can disrupt essential services. These attacks compromise network security by flooding the target with malicious traffic. Several researchers have designed effective DDoS detection mechanisms using machine learning (ML) and deep learning (DL)‐based techniques. However, existing detection approaches paid less attention to issues such as class imbalance, multi‐classification, or computational cost of the models, especially time. In this study, we propose a novel framework for detecting and classifying DDoS attacks with high accuracy and low computational cost. To address the class imbalance, we employ random sampling, while feature selection techniques such as low information gain, quasi‐constant elimination, and principal component analysis are utilized for optimal feature selection and reduction. Our proposed CNN‐based model achieves outstanding performance, boasting an accuracy of 99.99% for binary classification and 98.44% for multi‐classification. The proposed model is compared to existing works and baseline line models and found to be effective in binary and multi‐classification.

computer science, theory & methods, software engineering

Ibtihal AlSaleh,Aida Al-Samawi,Liyth Nissirat

DOI: https://doi.org/10.3390/s24051418

IF: 3.9

2024-02-23

Sensors

Abstract:Cloud computing has revolutionized the information technology landscape, offering businesses the flexibility to adapt to diverse business models without the need for costly on-site servers and network infrastructure. A recent survey reveals that 95% of enterprises have already embraced cloud technology, with 79% of their workloads migrating to cloud environments. However, the deployment of cloud technology introduces significant cybersecurity risks, including network security vulnerabilities, data access control challenges, and the ever-looming threat of cyber-attacks such as Distributed Denial of Service (DDoS) attacks, which pose substantial risks to both cloud and network security. While Intrusion Detection Systems (IDS) have traditionally been employed for DDoS attack detection, prior studies have been constrained by various limitations. In response to these challenges, we present an innovative machine learning approach for DDoS cloud detection, known as the Bayesian-based Convolutional Neural Network (BaysCNN) model. Leveraging the CICDDoS2019 dataset, which encompasses 88 features, we employ Principal Component Analysis (PCA) for dimensionality reduction. Our BaysCNN model comprises 19 layers of analysis, forming the basis for training and validation. Our experimental findings conclusively demonstrate that the BaysCNN model significantly enhances the accuracy of DDoS cloud detection, achieving an impressive average accuracy rate of 99.66% across 13 multi-class attacks. To further elevate the model's performance, we introduce the Data Fusion BaysFusCNN approach, encompassing 27 layers. By leveraging Bayesian methods to estimate uncertainties and integrating features from multiple sources, this approach attains an even higher average accuracy of 99.79% across the same 13 multi-class attacks. Our proposed methodology not only offers valuable insights for the development of robust machine learning-based intrusion detection systems but also enhances the reliability and scalability of IDS in cloud computing environments. This empowers organizations to proactively mitigate security risks and fortify their defenses against malicious cyber-attacks.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Beenish Habib,Farida Khursheed

DOI: https://doi.org/10.1002/cpe.7996

2024-02-16

Concurrency and Computation Practice and Experience

Abstract:Summary Internet data thefts, intrusions and DDoS attacks are some of the big concerns for the network security today. Detection of these anomalies, is gaining tremendous impetus with the development of machine learning and artificial intelligence. Even now researchers are shifting the base from machine learning to the deep neural architectures with auto‐feature selection capabilities. We in this paper propose multiple deep neural network architectures which can select, co‐learn and teach the gradients of the neural network by itself with no human intervention. This is what we call as meta‐learning. The models are configured in both many to one and many to many design architectures. We combine long short‐term memory (LSTM), bi‐directional long short‐term memory (BiLSTM), convolutional neural network (CNN) layers along with attention mechanism to achieve the higher accuracy values among all the available deep learning model architectures. LSTMs overcomes the vanishing and exploding gradient problem of RNN and attention mechanism mimics the human cognitive attention that screens the network flow to obtain the key features for network traffic classification. In addition, we also add multiple convolutional layers to get the key features for network traffic classification. We get the time series analysis of the traffic done for the possibility of a DDoS attack without using any feature selection techniques and without balancing the dataset. The performance analysis is done based on confusion matrix scores, that is, accuracy, false alarm rate (FAR), sensitivity, specificity, false‐positive rate (FPR), F1 score, area under curve (AUC) analysis and loss functions on well‐known public benchmark KDD Cup'99 data set. The results of our experiments reveal that our models outperform existing techniques, showing their superiority in performance.

computer science, theory & methods, software engineering

Fernando Martinez,Mariyam Mapkar,Ali Alfatemi,Mohamed Rahouti,Yufeng Xin,Kaiqi Xiong,Nasir Ghani

2024-06-04

Abstract:Distributed Denial of Service (DDoS) attacks pose an increasingly substantial cybersecurity threat to organizations across the globe. In this paper, we introduce a new deep learning-based technique for detecting DDoS attacks, a paramount cybersecurity challenge with evolving complexity and scale. Specifically, we propose a new dual-space prototypical network that leverages a unique dual-space loss function to enhance detection accuracy for various attack patterns through geometric and angular similarity measures. This approach capitalizes on the strengths of representation learning within the latent space (a lower-dimensional representation of data that captures complex patterns for machine learning analysis), improving the model's adaptability and sensitivity towards varying DDoS attack vectors. Our comprehensive evaluation spans multiple training environments, including offline training, simulated online training, and prototypical network scenarios, to validate the model's robustness under diverse data abundance and scarcity conditions. The Multilayer Perceptron (MLP) with Attention, trained with our dual-space prototypical design over a reduced training set, achieves an average accuracy of 94.85% and an F1-Score of 94.71% across our tests, showcasing its effectiveness in dynamic and constrained real-world scenarios.

Cryptography and Security,Machine Learning,Networking and Internet Architecture

Bangli Wang,Yuxuan Jiang,You Liao,Zhen Li

DOI: https://doi.org/10.1049/2024/1056705

2024-09-19

IET Information Security

Abstract:Distributed denial‐of‐service (DDoS) attacks pose a significant threat to network security due to their widespread impact and detrimental consequences. Currently, deep learning methods are widely applied in DDoS anomaly traffic detection. However, they often lack the ability to collectively model both local and global traffic features, which presents challenges in improving performance. In order to provide an effective method for detecting abnormal traffic, this paper proposes a novel network architecture called DDoS‐MSCT, which combines a multiscale convolutional neural network and transformer. The DDoS‐MSCT architecture introduces the DDoS‐MSCT block, which consists of a local feature extraction module (LFEM) and a global feature extraction module (GFEM). The LFEM employs convolutional kernels of different sizes, accompanied by dilated convolutions, with the aim of enhancing the receptive field and capturing multiscale features simultaneously. On the other hand, the GFEM is utilized to capture long‐range dependencies for attending to global features. Furthermore, with the increase in network depth, DDoS‐MSCT facilitates the integration of multiscale local and global contextual information of traffic features, thereby improving detection performance. Our experiments are conducted on the CIC‐DDoS2019 dataset, and also the CIC‐IDS2017 dataset, which is introduced as a supplement to address the issue of sample imbalance. Experimental results on the hybrid dataset show that DDoS‐MSCT achieves accuracy, recall, F1 score, and precision of 99.94%, 99.95%, 99.95%, and 99.97%, respectively. Compared to the state of the art methods, the DDoS‐MSCT model achieves a good performance for detecting the DDoS attack to provide the protecting ability for network security.

computer science, information systems, theory & methods

Ahamed Ali Samsu Aliar,V. Gowri,A. Arockia Abins

DOI: https://doi.org/10.1002/ett.4921

IF: 3.6

2024-01-06

Transactions on Emerging Telecommunications Technologies

Abstract:Distributed denial of service (DDoS) attacks are a cyber‐attack in which multiple compromised systems, often controlled by attackers, flood a target system or network with massive traffic volume, overwhelming its resources and rendering it inaccessible to legitimate users. DDoS attacks can cause significant disruption, financial losses, and reputational damage to organizations and individuals. Detecting DDoS an attack promptly allows organizations to respond quickly and implement appropriate mitigation measures. Rapid response helps minimize the impact of the attack and reduce downtime, ensuring that critical systems and services remain accessible to legitimate users and by detecting and mitigating DDoS attacks, organizations can maintain the availability of their services and prevent disruption to their operations. Uninterrupted access to services enhances customer satisfaction, prevents revenue losses, and preserves the organization's reputation. While detecting DDoS attacks brings several advantages, DDoS detection systems may occasionally generate false‐positive alerts, mistakenly identifying legitimate traffic as an attack. This can lead to unnecessary disruptions or false alarms, requiring additional effort and resources for investigation and response. DDoS attacks constantly evolve, and attackers may employ new techniques or variations not yet known or accounted for by detection systems. Reducing some of these problems using the suggested method, this helps improve the system's performance and efficiency. This figure shows the "pictorial representation of the proposed detection model for DDoS attacks over the cloud sector using ensemble deep learning methods." The biggest firms throughout the world now are the ones that offer services in the cloud. One of the top problems for cloud users (CUs) and cloud service providers (CSPs) is the availability of cloud‐based services whenever needed. A distributed denial of service (DDoS) assault has been a significant threat to the security of the system in recent years. DDoS defense and detection of these attacks have become hot topics of research for academia and business. However, most approaches cannot accomplish efficient detection outcomes with few false alarms. As a result, minimizing the consequences of DDoS attacks allows CSPs to offer CUs high‐quality services. In the cloud sector, a collective deep structured algorithm is suggested to identify DDoS attacks successfully. The recommended method contains several stages: data acquisition, pre‐processing, optimal feature detection, and selection. The first step is the acquisition of data using the help of publicly available sources. Further, the input data undergoes preprocessing. Consequently, the optimal weighted feature selection takes place on the preprocessed data, where the optimization is done with the aid of the Hybrid Border Collie and Dragonfly Algorithm (HBCDA). Finally, DDoS attack detection is achieved via a novel method known as adaptive deep dilated ensemble (ADDE), which includes, one‐dimensional convolutional neural network (1DCNN), deep temporal convolutional neural network (DTCNN), recurrent neural network (RNN), and bidirectional long short‐term memory (Bi‐LSTM). For the attainment of optimal results, the parameter tuning is accomplished by using the HBCDA approach. The detection outcome is computed by using the fuzzy ranking mechanism. The validation is done for the suggested method model, and its corresponding findings are validated with conventional techniques. Hence, the suggested approach outperforms the detection performance and ensures more efficiency than traditional approaches.

telecommunications

Abdussalam Ahmed Alashhab,Mohd Soperi Zahid,Babangida Isyaku,Asma Abbas Elnour,Wamda Nagmeldin,Abdelzahir Abdelmaboud,Talal Ali Ahmed Abdullah,Umar Danjuma Maiwada

DOI: https://doi.org/10.1109/access.2024.3384398

IF: 3.9

2024-05-07

IEEE Access

Abstract:Software Defined Networks (SDN) offer dynamic reconfigurability and scalability, revolutionizing traditional networking. However, countering Distributed Denial of Service (DDoS) attacks remains a formidable challenge for both traditional and SDN-based networks. The integration of Machine Learning (ML) into SDN holds promise for addressing these threats. While recent research demonstrates ML's accuracy in distinguishing legitimate from malicious traffic, it faces difficulties in handling emerging, low-rate, and zero-day DDoS attacks due to limited feature scope for training. The ever-evolving DDoS landscape, driven by new protocols, necessitates continuous ML model retraining. In response to these challenges, we propose an ensemble online machine-learning model designed to enhance DDoS detection and mitigation. This approach utilizes online learning to adapt the model with expected attack patterns. The model is trained and evaluated using SDN simulation (Mininet and Ryu). Its dynamic feature selection capability overcomes conventional limitations, resulting in improved accuracy across diverse DDoS attack types. Experimental results demonstrate a remarkable 99.2% detection rate, outperforming comparable models on our custom dataset as well as various benchmark datasets, including CICDDoS2019, InSDN, and slow-read-DDoS. Moreover, the proposed model undergoes comparison with industry-standard commercial solutions. This work establishes a strong foundation for proactive DDoS threat identification and mitigation in SDN environments, reinforcing network security against evolving cyber risks.

computer science, information systems,telecommunications,engineering, electrical & electronic

Mahmoud Said Elsayed,Nhien-An Le-Khac,Soumyabrata Dev,Anca Delia Jurcut

DOI: https://doi.org/10.48550/arXiv.2006.13981

2020-06-25

Abstract:Software-Defined Networking (SDN) is an emerging paradigm, which evolved in recent years to address the weaknesses in traditional networks. The significant feature of the SDN, which is achieved by disassociating the control plane from the data plane, facilitates network management and allows the network to be efficiently programmable. However, the new architecture can be susceptible to several attacks that lead to resource exhaustion and prevent the SDN controller from supporting legitimate users. One of these attacks, which nowadays is growing significantly, is the Distributed Denial of Service (DDoS) attack. DDoS attack has a high impact on crashing the network resources, making the target servers unable to support the valid users. The current methods deploy Machine Learning (ML) for intrusion detection against DDoS attacks in the SDN network using the standard datasets. However, these methods suffer several drawbacks, and the used datasets do not contain the most recent attack patterns - hence, lacking in attack diversity. In this paper, we propose DDoSNet, an intrusion detection system against DDoS attacks in SDN environments. Our method is based on Deep Learning (DL) technique, combining the Recurrent Neural Network (RNN) with autoencoder. We evaluate our model using the newly released dataset CICDDoS2019, which contains a comprehensive variety of DDoS attacks and addresses the gaps of the existing current datasets. We obtain a significant improvement in attack detection, as compared to other benchmarking methods. Hence, our model provides great confidence in securing these networks.

Cryptography and Security

Raj Kumar Batchu,Thulasi Bikku,Srinivasarao Thota,Hari Seetha,Abayomi Ayotunde Ayoade

DOI: https://doi.org/10.1038/s41598-024-77554-9

IF: 4.6

2024-11-24

Scientific Reports

Abstract:Distributed denial of service (DDoS) attack is one of the most hazardous assaults in cloud computing or networking. By depleting resources, this attack renders the services unavailable to end users and leads to significant financial and reputational damage. Hence, identifying such threats is crucial to minimize revenue loss, market share, and productivity loss and enhance the brand reputation. In this study, we implemented an effective intrusion detection system using deep learning approach. The suggested framework includes three phases: Data pre-processing, Data balancing, and Classification. First, we prepare the valid data, which is helpful for further processing. Then, we balance the given pre-processed data by Conditional generative adversarial network (CGAN), and as a result, we can minimize the bias towards the majority classes. Finally, we distinguish whether the traffic is attack or benign using a stacked sparse denoising autoencoder (SSDAE) with a firefly-black widow (FA-BW) hybrid optimization algorithm. All these experiments are validated through the CICDDoS2019 dataset and compared with well-received techniques. From these findings, we observed that the proposed strategy detects DDoS attacks significantly more accurately than other approaches. Based on our findings, this study highlights the crucial role played by advanced deep learning techniques and hybrid optimization algorithms in strengthening cybersecurity against DDoS attacks.

multidisciplinary sciences

Vedanth Ramanathan,Krish Mahadevan,Sejal Dua

DOI: https://doi.org/10.48550/arXiv.2309.05646

2023-09-12

Abstract:Cybersecurity attacks are becoming increasingly sophisticated and pose a growing threat to individuals, and private and public sectors. Distributed Denial of Service attacks are one of the most harmful of these threats in today's internet, disrupting the availability of essential services. This project presents a novel deep learning-based approach for detecting DDoS attacks in network traffic using the industry-recognized DDoS evaluation dataset from the University of New Brunswick, which contains packet captures from real-time DDoS attacks, creating a broader and more applicable model for the real world. The algorithm employed in this study exploits the properties of Convolutional Neural Networks (CNN) and common deep learning algorithms to build a novel mitigation technique that classifies benign and malicious traffic. The proposed model preprocesses the data by extracting packet flows and normalizing them to a fixed length which is fed into a custom architecture containing layers regulating node dropout, normalization, and a sigmoid activation function to out a binary classification. This allows for the model to process the flows effectively and look for the nodes that contribute to DDoS attacks while dropping the "noise" or the distractors. The results of this study demonstrate the effectiveness of the proposed algorithm in detecting DDOS attacks, achieving an accuracy of .9883 on 2000 unseen flows in network traffic, while being scalable for any network environment.

Cryptography and Security,Machine Learning,Networking and Internet Architecture